[erlang-questions] Erlang Crypto R16+ and Centos 6.4+ incompatibility

Tue Dec 17 17:37:26 CET 2013

Hi,

It happened because he built with an OpenSSL which doesn’t incorporate Red Hat's errata, most likely. This was an issue with a great many products for all of like a week or two while the broken packages were being delivered. ‎

It's not Erlang's fault. And Red Hat fixed their packages. The only two likely options are that the distro (or, more likely, system) does not have the current packages; or, there is a new bug which needs to be filed with Red Hat (less likely).‎

--Matt

--
Matt Lewandowsky
Big Geek
Greenviolet
matt@REDACTED http://www.greenviolet.net
+1 415 578 5782 (US) +44 844 484 8254 (UK)
Sent from my BlackBerry 10 smartphone.
From: Andreas Schultz
Sent: Tuesday, December 17, 2013 08:15
To: Evgeny M
Cc: erlang-programming@REDACTED; erlang-questions@REDACTED
Subject: Re: [erlang-questions] Erlang Crypto R16+ and Centos 6.4+ incompatibility

Hi,

----- Original Message -----
>
>
> >That is not an Erlang problem itself. The binary Erlang packet you
> installed
> >was build on an system that had a OpenSSL with EC support enabled while
> the
> >system you are trying to install one, has OpenSSL with EC support
> disabled.
>
> Nope, I compiled erlang from sources, and it throws the error in
> crypto:start(). Seems like ./configure does not detect missing curves.

configure has nothing to do with it. When openssl is configured and build
a file named opensslconf.h is generated (on Ubuntu it's installed to
/usr/include/x86_64-linux-gnu/openssl/opensslconf.h)

That file is indirectly included though the other openssl headers and
specifies at compile time what ciphers are supported. That your Erlang
was compiled with EC support when your openssl seems to be missing
support for it, means that that config header must be broken.

Would be great to know how that happened.

Andreas

> >No, that is Centos/Redhat stupidity. OpenSSL by default does EC, but
> Redhat choose
>
> >to disabled EC so that the NSA can better spy on you.
>
> Sure it's not erlang fault, but still do we really want to ditch half of
> potential user base? Or suggest everyone to install outdated R15, as it
> still works?
>
>

--
--
Dipl. Inform.
Andreas Schultz
_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED
http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131217/06bd1951/attachment.htm>